General
-
Target
d0fc2f15a3a4e69b737217ee57b52d09
-
Size
306KB
-
Sample
211201-wvxf7shhc2
-
MD5
d0fc2f15a3a4e69b737217ee57b52d09
-
SHA1
ce4dffbc0a397d8464d3000b5ef931d352b2309a
-
SHA256
fd0a42afaecfda32493063d664918e84688419a604f8b00c4113ca85dc8a193a
-
SHA512
690d745cb08761addb66a43a916c79dbcdec9a2ecfcd77f3f5d2385392a1a3f75448e04c58d4f3d9267fcf41b5b19da9a35cfe56ac23f69667f60f2d592eb341
Malware Config
Extracted
lokibot
http://secure01-redirect.net/fx/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
d0fc2f15a3a4e69b737217ee57b52d09
-
Size
306KB
-
MD5
d0fc2f15a3a4e69b737217ee57b52d09
-
SHA1
ce4dffbc0a397d8464d3000b5ef931d352b2309a
-
SHA256
fd0a42afaecfda32493063d664918e84688419a604f8b00c4113ca85dc8a193a
-
SHA512
690d745cb08761addb66a43a916c79dbcdec9a2ecfcd77f3f5d2385392a1a3f75448e04c58d4f3d9267fcf41b5b19da9a35cfe56ac23f69667f60f2d592eb341
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-